25 matches found
EUVD-2014-6029
Malware in sbrugna...
EUVD-2012-5639
Malware in sbrugna...
EUVD-2013-0611
Malware in sbrugna...
Security Bulletin: WebSphere DataPower XC10 Appliance vulnerabilities exist in the administrative console and session cookie at login (CVE-2014-3059 and CVE 2014-2060)
Summary In certain configurations, a security vulnerability exists in WebSphere DataPower XC10 Appliance. A WebSphere eXtreme Scale attacker could gain administrative access to the device. Vulnerability Details VULNERABILITY DETAILS: CVEID: CVE-2014-3059 In certain configurations, a security...
Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Version 7 that affect the WebSphere DataPower XC10 Appliance. The issues were disclosed as part of the IBM SDK, Java™ Technology Edition updates in January and April 2019. Vulnerability Details CVEID: CVE-2019-2426 DESCRIPTION: A...
Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Version 7 that affect the WebSphere DataPower XC10 Appliance. The issues were disclosed as part of the IBM SDK, Java™ Technology Edition updates in July and October 2018. Vulnerability Details CVEID: CVE-2018-2973 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance (CVE-2016-5597)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, 7 and 8 used by affect WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details CVEID: CVE-2016-5597 DESCRIPTION: An unspecifie...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance (CVE-2016-3427, CVE-2016-3426)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3427...
Security Bulletin: Multiple vulnerabilities in Network Time Protocol(NTP) affect WebSphere DataPower XC10 Appliance (CVE-2016-5300, CVE-2015-7704, CVE-2015-8138)
Summary There are multiple vulnerabilities in Network Time ProtocolNTP implementation that is used by WebSphere DataPower XC10 Appliance. These vulnerabilities addressed include the ability to disable the NTP client and bypass security restrictions to bypass the timestamp validation check...
Security Bulletin: Vulnerability in GNU C Library(glibc) affects WebSphere DataPower XC10 Appliance(CVE-2015-7547) - Revised fix available
Summary A GNU C Libraryglibc vulnerability with a stack based overflow was addressed by WebSphere DataPower XC10 Appliance. On Friday March 11th 2016, a fix was published to resolve this security vulnerability. However, that fix needed revision. A corrected fix is now available. Vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance (CVE-2016-0475, CVE-2015-7575, CVE-2016-0448)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred t...
Security Bulletin: Sensitive data lingers in memory on the WebSphere DataPower XC10 Appliance
Summary Sensitive data lingers in memory allowing access by an administrator of the WebSphere DataPower XC10 Appliance. This is addressed in the interim fix. Vulnerability Details CVEID: CVE-2015-7418 DESCRIPTION: The IBM WebSphere DataPower XC10 Appliance allows some sensitive data to linger in...
Security Bulletin: Vulnerability in Apache Commons affects WebSphere DataPower XC10 Appliance (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by WebSphere DataPower XC10 Appliance. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the syste...
Security Bulletin: Multiple security vulnerabilities exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance
Summary There are multiple vulnerabilities in IBM Java Runtime Version 7 that is used by WebSphere DataPower XC10 Appliance Versions 2.1 and 2.5. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere DataPower XC10 Appliance V2.1 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects WebSphere DataPower XC10 Appliance Version 2.1. WebSphere DataPower XC10 Appliance Version 2.5 is not affected. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could...
Security Bulletin: GNU C library (glibc) vulnerability affects WebSphere DataPower XC10 Appliance (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects WebSphere DataPower XC10 Appliance. Vulnerability Details CVEID:CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafte...
Security Bulletin: Vulnerability in SSLv3 affects WebSphere DataPower XC10 Appliance versions 2.1 and 2.5 (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in the WebSphere DataPower XC10 Appliance versions 2.1 and 2.5. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: The product could allow a...
Security Bulletin: Multiple security vulnerabilities exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance
Summary Three security vulnerabilities were identified in the IBM® SDK, Java™ Technology Edition provided with WebSphere DataPower XC10 Appliance. Vulnerability Details CVEID: CVE-2014-0878 DESCRIPTION: A vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom...
Security Bulletin: WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance client vulnerability (CVE-2013-6734)
Summary In certain configurations, a security vulnerability exists in WebSphere eXtreme Scale Client, the client that is used with WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance. WebSphere eXtreme Scale Client might allow cached HTTP session data of one user to be accessed by a...
IBM WebSphere DataPower XC10 Appliance Local Information Disclosure Vulnerability (CNVD-2016-04905)
IBM WebSphere DataPower XC10 is a suite of caching platforms from IBM in the United States. A local information disclosure vulnerability exists in the IBM WebSphere DataPower XC10 Appliance, which can be exploited by an attacker to obtain sensitive information...